Patent · US Expired

Method and system for detecting vulnerabilities in source code

US7240332B2 · kind B2 · utility

25Cited by

2References

22Claims

0Family size

Assignee

Ounce Labs, Inc. · US

Inventors

Ryan Berg · Austin, US
Larry Rose · Chelmsford, US
John Peyton · Arlington, US
John J. Danahy · Bow, US
Robert A. Gottlieb · Westford, US
Chris Rehbein · Watertown, US

Key dates

Filing date	Apr 15, 2004
Grant date	Jul 3, 2007
Priority date	—
Expiry date	Apr 15, 2024

Classification

Technology area (CPC G)Physics
CPC primaryG06F11/3604
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.